.
Arches, please stabilize: =www-apps/mediawiki-1.19.15 =www-apps/mediawiki-1.21.8
amd64 stable
ppc stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
cleanup done.
CVE-2014-2665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2665): includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.
Arches, Thank you for your work Maintainer(s), please drop the vulnerable version. GLSA VOTE: No
GLSA already in progress, adding this to existing GLSA.
This issue was resolved and addressed in GLSA 201502-04 at http://security.gentoo.org/glsa/glsa-201502-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).